2017-2019 Ransomware statistics and facts

*This article is regularly updated with the latest ransomware statistics for 2017 – 2019. We’ve compiled 40+ ransomware facts, figures and trends along with a round-up of predictions from industry experts at the bottom of the article.

Ransomware. At one point just a buzzword, ransomware is now an all-too-real threat to businesses, governments, and individuals worldwide. The problem with ransomware is twofold.

First, ransomware is designed to completely encrypt a victim’s file system, potentially causing an irreversible loss of data. Second, an increasing number of cybercriminals are utilizing ransomware to extract money out of victims. Some surveys have shown that ransomware losses for businesses can average $2,500 for each incident, with businesses willing to shell out upwards of $50,000 to decrypt their data.

All of this is proof positive that ransomware continues to be an extremely lucrative venture for cybercriminals, with the average attack from all sources (businesses, governments, and individuals) yielding an average $1,077 for criminals.

To get a better idea of what the ransomware landscape looks like, we’ve gathered some of the most interesting facts and statistics from 2016 to present that highlight this ongoing security concern.

When data loss meets dollars

Given the whole purpose of ransomware is to extract money from victims, total loss values are often the numbers people care about the most. In 2016 and 2017, an increasingly large number of businesses, governments, and individuals faced huge losses thanks to ransomware. We’re already seeing huge losses to institutions in 2018 as well.

While many chose not to pay the cost (and indeed, most security professionals say paying is typically a bad idea anyway), those that do pay up often find their files remain encrypted. After all, placing trust in the good graces of criminals is often leads to disappointment.

With current trends, loss values for 2018 are likely to exceed what we’ve seen in the past few years. Nevertheless, cybercriminals not only walked off with more money from ransomware in 2017, they also caused far more damage than ever before.

In February 2016, the Hollywood Presbyterian Medical Center paid a ransom of 40 Bitcoins ($17,000 at the time) after they were hit by a ransomware attack that knocked the hospital’s network offline. (Source:LA Times)

In March 2016 MedStar Health was hit with ransomware and asked to pay 45 Bitcoins ($19,000 at the time) but reportedly the health company was able to bring their systems online without paying the ransom. (Source:Trend Micro)

In May 2016 the University of Calgary paid $20,000 CDN ($16,129 USD) after ransomware crippled multiple systems. (Source: University of Calgary)

According to FBI statistics, hackers extorted businesses and institutions for more than $209 million in ransomware payments in the first three months of 2016. (Source:Malwarebytes)

Over half of all survey respondents (55 percent) said they’d be willing to pay the ransom to regain access to digital family photos. Thirty-nine percent of respondents without children said the same. (Source: IBM)

An IBM study noted that a quarter of business executives would be willing to pay between $20,000 and $50,000 to regain access to encrypted data. (Source: IBM)

A 2017 Google study found ransomware earned its creators more than $25 million between 2015 and 2016. (Source: Business Insider)

FedEx attributed a $300 million loss in its Q1 2017 earnings report to the NotPetya ransomware attack. The company reportedly did not have cybersecurity insurance. (Source:Reuters)

After getting hit by the SamSam ransomware in March 2018, Atlanta, Georgia, has spent more than $5 million rebuilding its computer network, including spending nearly $3 million hiring emergency consultants and crisis managers. (Source:Statescoop)

A Massachusetts school district paid $10,000 in Bitcoin after a ransomware attack in April 2018. (Source: Cyberscoop)

The average ransomware demand in 2017 was half of what it was in 2016, changing from over $1,000 on average to $522. This marks a potential new focus on more high-value targets by cybercriminals. (Source: Symantec)

Ransomware continues to grow, hitting consumers and businesses hard

The hard truth about ransomware is that knowing more about the threat doesn’t easily translate to a decreased impact. FedEx is a good example of this. Despite knowledge of the threat for years now, the company saw a $300 million loss due to ransomware. The loss was not a result of paying the ransom but primarily for the cost of disaster recovery and system downtimes. The company’s lack of cyber insurance highlights the fact that many individuals and even large, multinational businesses have yet to fully grasp the threat.

As for readiness for ransomware and other cyber threats, a recent survey of IT professionals found that those working in the healthcare industry were most likely to report a lack of preparedness for an attack. Over 50 percent believed their industry simply isn’t ready to handle the threat.

Nevertheless, as more reports roll in, it’s clear that ransomware is now the preferred medium of choice for cybercriminals. As 2018 continues to progress, we’re likely to see reports from major players indicating that year-over-year growth in ransomware threats are increasing at an almost unheard-of pace.

That being said, here are some of the ways ransomware hit hard and fast in the past two years.

By the end of 2016, ransomware delivered via phishing emails had grown by over 97 percent. (Source: PhishMe)

There was a 300 percent year-over-year increase in ransomware attacks between 2015 and 2016, from 1,000 attacks per day to 4,000. (Source:U.S. Justice Department).

A 2015/2016 campuscomputing.net survey found that a quarter of campuses experienced spyware or ransomware attacks in the past year. (Source: Campus Computing)

An IBM Security survey found that only 29 percent of small businesses had experience with ransomware, making these businesses more likely to be unprepared for the threat. (Source: IBM)

Over 70 percent of parents were most concerned about losing digital family photos or videos. (Source: IBM)

A Datto survey of 1,100 IT professionals revealed that over 90 percent had clients that suffered ransomware attacks in the past year. Forty percent had clients that were subject to at least six ransomware attacks. (Source: Datto)

Ransomware attacks against businesses tripled in 2016, with one attack every two minutes in Q1, and one every 40 seconds in Q3. (Source:Kaspersky)

Kaspersky notes that while ransomware is growing, creators may be getting less innovative. The security company stated that there were only 38 new ransomware families in 2017, compared to 61 in 2016. (Source: Kaspersky)

According to a Kaspersky Lab survey, 34 percent of businesses hit with malware took a week or more to recover full access to their data. (Source: Kaspersky)

Meanwhile, 36 percent paid the ransom, while 17 percent who paid never recovered their data even after paying. (Source: Kaspersky)

Cloud security company Carbon Black found that 90 percent of financial institutions reported being targeted by malware in 2017. (Source: BetaNews)

Proofpoint also detected 40 million ransomware attacks using malicious URLs or attachments against healthcare providers in Q3 2017. (Source: Proofpoint)

The number of new ransomware variants grew in 2017 from the previous year, with 350 new variants located. (Source: Symantec)

Ransomware predictions, 2018 and beyond

Unfortunately, ransomware isn’t going anywhere fast. Cybercriminals have learned just how lucrative encrypting data can be. Other forms of security threats still exist, data breaches in particular, but criminals who want to extract an easy buck are regularly turning to readily-available ransomware packages. According to McAfee, ransomware grew 56 percent in the past four quarters.

McAfee predicts some common ransomware targets will decrease. However, the company suggests cybercriminals will target less common and more vulnerable victims, such as individuals with high net values and connected devices (IoT). (Source:McAfee)

IT Security Guru predicts ransomware attacks against Linux will increase in 2018. (Source: IT Security Guru)